Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/2f830f-af4d-4d33-a300-b98df544bc20/1/iz1oLphOz4C0RKqGaCjwgWp4k-4.roa
File:                     iz1oLphOz4C0RKqGaCjwgWp4k-4.roa (raw, json)
Hash identifier:          Spyiz27gUIj8vniKoNjV++85gF3fncVYgrGF+1dIJog=
Subject key identifier:   8B:3D:68:2E:98:4E:CF:80:B4:44:AA:86:68:28:F0:81:6A:78:93:EE
Certificate issuer:       /CN=261b941dbe59651fafbba9724a12775e07edb635
Certificate serial:       019421B251D58E6DFCD22FB2B2A4403E11E0
Authority key identifier: 26:1B:94:1D:BE:59:65:1F:AF:BB:A9:72:4A:12:77:5E:07:ED:B6:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JhuUHb5ZZR-vu6lyShJ3XgfttjU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/73/2f830f-af4d-4d33-a300-b98df544bc20/1/iz1oLphOz4C0RKqGaCjwgWp4k-4.roa
Signing time:             Wed 01 Jan 2025 11:48:41 +0000
ROA not before:           Wed 01 Jan 2025 11:48:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        185.172.152.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/73/2f830f-af4d-4d33-a300-b98df544bc20/1/JhuUHb5ZZR-vu6lyShJ3XgfttjU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/73/2f830f-af4d-4d33-a300-b98df544bc20/1/JhuUHb5ZZR-vu6lyShJ3XgfttjU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JhuUHb5ZZR-vu6lyShJ3XgfttjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:51:d5:8e:6d:fc:d2:2f:b2:b2:a4:40:3e:11:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=261b941dbe59651fafbba9724a12775e07edb635
        Validity
            Not Before: Jan  1 11:48:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8b3d682e984ecf80b444aa866828f0816a7893ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:3b:c3:de:38:0c:54:56:1f:1f:41:98:6a:f3:
                    c4:54:fa:d6:c0:ea:87:ee:05:77:db:4e:45:50:61:
                    e3:18:05:ca:2d:67:d9:8d:ae:4f:70:eb:0d:b9:5d:
                    5b:37:c8:f3:fa:d6:f7:5b:7e:1d:1a:34:57:03:65:
                    51:f2:c3:33:e9:27:ff:cc:4f:a3:87:00:03:62:ee:
                    8e:b9:2e:c0:cb:fa:ba:51:bc:bd:12:ad:a5:b3:af:
                    5a:17:b0:3f:94:e9:c3:ea:c2:54:d0:6c:fa:23:b5:
                    c8:79:7b:1e:65:c9:8f:6d:a8:51:d9:88:71:c9:07:
                    d9:9b:cc:97:c4:56:c0:72:44:34:05:ba:a5:56:19:
                    e4:b4:83:fa:ea:fd:c0:ab:49:29:14:ad:58:c1:6b:
                    47:42:9a:3b:9e:96:d5:5e:ef:6e:4e:cd:d6:11:ed:
                    25:a5:da:2c:01:6f:af:d7:74:ce:72:16:dd:4a:9a:
                    ec:1c:96:fc:5a:96:89:7d:9b:f3:81:1f:b1:cf:e6:
                    cb:19:63:a4:36:a1:7c:38:5f:23:82:c7:bb:1f:38:
                    11:b6:f9:0f:59:e3:1b:00:48:4b:8e:ca:33:97:03:
                    0b:d9:df:f5:68:ed:b9:48:de:c4:1e:01:b2:0b:87:
                    ef:50:ab:72:0a:15:da:2b:8a:d2:25:e3:fc:21:51:
                    c7:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:3D:68:2E:98:4E:CF:80:B4:44:AA:86:68:28:F0:81:6A:78:93:EE
            X509v3 Authority Key Identifier:
                keyid:26:1B:94:1D:BE:59:65:1F:AF:BB:A9:72:4A:12:77:5E:07:ED:B6:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JhuUHb5ZZR-vu6lyShJ3XgfttjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/2f830f-af4d-4d33-a300-b98df544bc20/1/iz1oLphOz4C0RKqGaCjwgWp4k-4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/73/2f830f-af4d-4d33-a300-b98df544bc20/1/JhuUHb5ZZR-vu6lyShJ3XgfttjU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.172.152.0/22

    Signature Algorithm: sha256WithRSAEncryption
         09:e1:27:e2:90:9e:cb:cb:98:41:79:b8:6f:8b:d4:02:9b:f7:
         3f:c2:08:a1:8a:6e:e9:62:2c:e0:4e:ce:d2:36:b5:0f:21:70:
         ec:11:8a:ae:3d:f1:d7:b4:0f:6c:c2:96:26:e1:62:c5:37:21:
         85:db:23:01:b4:c6:79:23:83:76:34:ea:9f:68:f8:f9:61:66:
         af:16:37:3d:d9:54:c2:b7:10:23:fb:25:1b:8f:f2:b8:18:96:
         b7:4f:bf:10:79:47:9a:6a:d0:66:bf:6f:bd:a0:56:08:05:ab:
         57:82:7c:62:fa:64:9b:7c:5e:32:c2:05:81:ae:73:8a:5a:c5:
         81:3d:47:b2:a9:0e:c7:f9:e1:d1:4d:9c:cc:5b:d7:d4:dc:e1:
         22:15:33:71:df:cf:9a:aa:6c:b5:86:71:c4:60:d1:11:3e:36:
         a3:0f:cb:74:5f:b8:c4:87:8e:11:a7:05:ce:37:fa:eb:e5:fd:
         fb:23:0c:ad:83:5e:5b:2f:d5:24:72:db:86:4f:a5:cf:0a:ef:
         10:a2:e3:a8:d4:f6:5a:0d:21:41:19:f2:56:bd:78:38:62:b6:
         25:d7:61:aa:7a:a0:25:1e:b8:f5:43:84:36:23:5e:18:b8:91:
         46:cf:d3:67:1b:3d:e4:67:81:56:d5:a3:8b:8b:4e:8f:7d:38:
         de:8a:d3:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhslHVjm380i+ysqRAPhHgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2MWI5NDFkYmU1OTY1MWZhZmJiYTk3MjRhMTI3NzVlMDdl
ZGI2MzUwHhcNMjUwMTAxMTE0ODQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjNkNjgyZTk4NGVjZjgwYjQ0NGFhODY2ODI4ZjA4MTZhNzg5M2VlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0zvD3jgMVFYfH0GYavPEVPrWwOqH
7gV3205FUGHjGAXKLWfZja5PcOsNuV1bN8jz+tb3W34dGjRXA2VR8sMz6Sf/zE+j
hwADYu6OuS7Ay/q6Uby9Eq2ls69aF7A/lOnD6sJU0Gz6I7XIeXseZcmPbahR2Yhx
yQfZm8yXxFbAckQ0BbqlVhnktIP66v3Aq0kpFK1YwWtHQpo7npbVXu9uTs3WEe0l
pdosAW+v13TOchbdSprsHJb8WpaJfZvzgR+xz+bLGWOkNqF8OF8jgse7HzgRtvkP
WeMbAEhLjsozlwML2d/1aO25SN7EHgGyC4fvUKtyChXaK4rSJeP8IVHHYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIs9aC6YTs+AtESqhmgo8IFqeJPuMB8GA1UdIwQY
MBaAFCYblB2+WWUfr7upckoSd14H7bY1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmh1VUhiNVpaUi12dTZseVNoSjNYZ2Z0dGpVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My8yZjgzMGYtYWY0ZC00ZDMzLWEzMDAt
Yjk4ZGY1NDRiYzIwLzEvaXoxb0xwaE96NEMwUktxR2FDandnV3A0ay00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My8yZjgzMGYtYWY0ZC00ZDMzLWEzMDAtYjk4ZGY1NDRiYzIw
LzEvSmh1VUhiNVpaUi12dTZseVNoSjNYZ2Z0dGpVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuayYMA0G
CSqGSIb3DQEBCwUAA4IBAQAJ4SfikJ7Ly5hBebhvi9QCm/c/wgihim7pYizgTs7S
NrUPIXDsEYquPfHXtA9swpYm4WLFNyGF2yMBtMZ5I4N2NOqfaPj5YWavFjc92VTC
txAj+yUbj/K4GJa3T78QeUeaatBmv2+9oFYIBatXgnxi+mSbfF4ywgWBrnOKWsWB
PUeyqQ7H+eHRTZzMW9fU3OEiFTNx38+aqmy1hnHEYNERPjajD8t0X7jEh44RpwXO
N/rr5f37Iwytg15bL9UkctuGT6XPCu8QouOo1PZaDSFBGfJWvXg4YrYl12GqeqAl
Hrj1Q4Q2I14YuJFGz9NnGz3kZ4FW1aOLi06PfTjeitMo
-----END CERTIFICATE-----